我设法通过kinesis-agent和firehose将我的Apache access_log(httpd / amazon-linux-ami 2016.09 / php5.6)发送到elasticsearch。
现在我正在努力转发error_log。
我的agent.json:
{
"cloudwatch.emitMetrics": true,
"kinesis.endpoint": "",
"firehose.endpoint": "firehose.eu-west-1.amazonaws.com",
"flows": [{
"filePattern": "/var/log/httpd/error_log*",
"deliveryStream": "xxxx",
"dataProcessingOptions": [{
"optionName": "LOGTOJSON",
"logFormat": "APACHEERRORLOG"
}]
}, {
"filePattern": "/var/log/httpd/access_log*",
"deliveryStream": "xxxx",
"dataProcessingOptions": [{
"optionName": "LOGTOJSON",
"logFormat": "COMMONAPACHELOG"
}]
}]
}
来自/var/log/httpd/error_log的示例行:
[Thu Feb 16 16:56:19.240650 2017] [:error] [pid 10719] [client 1.1.1.1:60890] PHP Notice: Undefined variable: env in /var/www/html/development/index.php on line 34
正如我所说,所有access_log都正确转发。但是没有错误日志发送到目的地。请参阅下面的/var/log/aws-kinesis-agent/aws-kinesis-agent.log:
2017-02-17 06:32:05.486+0000 ip-172-31-7-92 (FileTailer[fh:xxx:/var/log/httpd/error_log*].MetricsEmitter RUNNING) com.amazon.kinesis.streaming.agent.tailing.FileTailer [INFO] FileTailer[fh:xxx:/var/log/httpd/error_log*]: Tailer Progress: Tailer has parsed 414 records (116864 bytes), transformed 0 records, skipped 414 records, and has successfully sent 0 records to destination.
xxx是我的消防目的地(两者都相同)。
对我来说,似乎我的apache错误日志(默认格式,我没有改变任何东西)是根据APACHEERRORLOG预期的格式。
我在这里缺少什么?非常感谢一些指点,非常感谢!